I got the opportunity to write a post that was published in the IAPP News blog — then found out they decided to feature it in their widely read Daily Dashboard. A good day for UMA visibility! If you like, you can also RT one (or both :-) of their tweets…

https://twitter.com/dailydashboard/status/621195250799783936
https://twitter.com/dailydashboard/status/621013389914021889


Begin forwarded message:

From: "IAPP Daily Dashboard" <publications@iapp-email.com>
Subject: A New Model for Consent
Date: 14 July 2015 at 6:44:48 PM GMT+1
To: <eve@xmlgrrl.com>
Reply-To: "IAPP Daily Dashboard" <reply-fe9115747360017577-1775_HTML-5175062-7000677-0@iapp-email.com>

Daily Dashboard

INTERNET OF THINGS

A New Model for Consent

With the traditional consent model under threat from the rise of Internet-of-Things (IoT) technology, there may be new and viable consent tools that provide users with control over how their personal data is shared. "A new wave of companies developed two new kinds of consent tools to meet the needs of emerging data-sharing requirements—OAuth and the 'Share' button—and go beyond the minimums required by certain regulators," writes ForgeRock Innovation and Emerging Technology VP Eve Maler in this post for Privacy Tech. Maler delves into these alternative models to demonstrate the potential for real-world practical application for users and businesses in the IoT economy.


PRIVACY BUSINESS

Start-Up Launches Campaign To Boost Two-Factor Authentication

In June, mobile identity company TeleSign commissioned a study on consumers' concerns about online security and their exposure to breaches. It found that, amidst increasing breach reports, 80 percent of consumers are worried about their online security and 40 percent have experienced a security incident within the past year. It also found, however, that 73 percent of online accounts use duplicated passwords and more than half of consumers use five or fewer passwords across their entire online life. Given statistics like those, TeleSign has launched a campaign aimed at educating consumers on what it says is the future of mobile identity: two-factor authentication. In this exclusive for The Privacy Advisor, Angelique Carson, CIPP/US, talks to TeleSign CPO Stephen Bolinger, CIPP/E, CIPP/G, CIPP/US, CIPM, about the initiative.


PRIVACY LAW—EU

Unraveling the Mysteries of the Trilogue

The trilogue process for the proposed EU General Data Protection Regulation continues this week with the co-legislative bodies of the EU—the Commission, the Parliament and the Council—meeting to discuss Article 3 on the territorial scope of the regulation and Chapter 5 on international data transfers. Still hazy on how the trilogue works? Olivier Proust, CIPP/E, of counsel at Fieldfisher, explains it all in layman's terms in this post for Privacy Tracker. (IAPP member login required.)


CYBERSECURITY—U.S.

DHS Secretary: Federal Cybersecurity Needs Improvement

In a column for POLITICO, Department of Homeland Security (DHS) Secretary Jeh Johnson updates the public on the current state of cybersecurity efforts within the federal government, noting while much is being done to bolster the nation's cyber framework, more is needed. Johnson writes that information sharing is "fundamental to cybersecurity" and calls on Congress to "expressly authorize the EINSTEIN program" and "eliminate any remaining legal obstacles to its deployment across the federal government." Johnson notes that, "we must incentivize the private sector to share cyber-threat indicators with the federal government ... in a manner that protects privacy and provides protection from civil and criminal liability" and highlights the need for a national breach reporting system and "enhanced criminal penalties for cybercrime."


PRIVACY—CANADA

Video: Frank Work on Deconstructing Privacy

Former Alberta Information and Privacy Commissioner Frank Work spoke in his keynote address at the IAPP 2015 Canada Privacy Symposium about the past 35 years of privacy and its evolution. In this IAPP video from his talk, Work, who is now a privacy consultant, tells attendees at this year's Symposium that while he is not going to declare privacy is dead, "I would like to leave you with an understanding of the social forces that I think shape any current view of privacy."


PRIVACY ENFORCEMENT—U.S.

Cooper: FTC Overreached in Nomi Case

The Federal Trade Commission (FTC) case against Nomi Technologies is based on presumption and apples-to-oranges reasoning, George Mason University School of Law's James Cooper writes for The Hill. After Nomi failed to ensure that the tenets of its privacy policy and in-store marketing campaigns extended to its retailers, the FTC stepped in, using its "Policy Statement on Deception" (PSD) as its legislative rationalization, Cooper explains, writing, "Unfortunately ... the commission appears to assume away the PSD's strictures. It had zero evidence that the ability to opt out of Nomi's encrypted in-store tracking was important to consumers' decisions to frequent stores." Cooper questions, "How did the commission get around the facts? By presuming the materiality of Nomi's promise to provide an in-store opt-out."


PRIVACY LAW—U.S.

Recover Act Aims To Assist OPM Breach Victims

Nine House Democrats have unveiled the Recover Act, a bill that would provide "lifetime identity-theft monitoring" for the millions of victims of the recent Office of Personnel Management (OPM) breaches, The Hill reports. "Much of the OPM data is lifetime and permanent background information that cannot be changed like a credit card number," said Rep. Eleanor Holmes Norton (D-DC), whose bill is a companion to one from Sen. Ben Cardin (D-MD). The bill has support from National Treasury Employees Union President Colleen Kelly, who said it "will go a long way toward protecting individuals from ID theft problems stemming from these devastating data breaches."


SURVEILLANCE—U.S.

Advocates Cynical as NTIA Drone Talks Approach

On August 3, the National Telecommunication and Information Administration (NTIA) will meet with privacy groups in an effort to understand the regulatory privacy measures necessary for drones, PCWorld reports. This is the third iteration of talks of this nature, which thus far have ended without consensus and with privacy groups leaving frustrated. "Consumer and privacy groups don't have confidence in the process," said Center for Digital Democracy Executive Director Jeffrey Chester. "Protecting privacy from the use of drones requires a serious effort that the NTIA has so far failed to demonstrate." Editor's Note: Joseph Jerome, CIPP/US, recently wrote a piece for Privacy Perspectives on why privacy pros need to be engaged with drone regulations.


HEALTHCARE PRIVACY—U.S.

DHHS Settles With Hospital Over HIPAA Violation

After an information-sharing incident gone awry and a data breach, St. Elizabeth's Medical Center faces a $218,400 settlement with the Department of Health and Human Services (DHHS) for failing to comply with the Health Insurance Portability and Accountability Act (HIPAA), The Boston Globe reports. "Organizations must pay particular attention to HIPAA's requirements when using Internet-based document sharing applications," said DHHS Office for Civil Rights Director Jocelyn Samuels, adding, "In order to reduce potential risks ... all workforce members must follow all policies and procedures." A hospital spokesperson said, "St. Elizabeth's has taken steps to ensure this will not happen again."


INFORMATION ACCESS—U.S.

Poitras Suing Over Unanswered FOIA Requests

Filmmaker Laura Poitras is suing the U.S. government after receiving no response to her Freedom of Information Act requests for documents pertaining to the government's targeting of Poitras at U.S. and foreign airports, The Intercept reports. Poitras was searched, interrogated and detained more than 50 times over six years. Officials seized her notebooks, laptop, cell phone and other personal items. "I'm filing this lawsuit because the government uses the U.S. border to bypass the rule of law," said Poitras in a statement. The filmmaker, who won an Oscar for Citizenfour, said she hopes the suit will also bring attention to those who are less well known but are also harassed at the border.
NEW WEB CONFERENCE—MODERN ONLINE AUTHENTICATION
Thursday, July 16, 1 - 2:30 p.m. EDT

Join us as experienced privacy and security professionals share new and better methods beyond the password. Learn the latest developments in authentication and identity management methods.

July 14, 2015


Copyright© 2000–2015 International Association of Privacy Professionals.
The views in this eNewsletter, if any, are those of the authors and are not necessarily those of the IAPP.




Eve Maler | cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl | Calendar: xmlgrrl@gmail.com